---

Advisories: March 3, 2005

Conectiva Linux


CONECTIVA LINUX SECURITY ANNOUNCEMENT


PACKAGE : clamav
SUMMARY : Fix for denial of service in clamav
DATE : 2005-03-03 14:40:00
ID : CLA-2005:928
RELEVANT RELEASES : 10


DESCRIPTION
Clamav[1] is an anti-virus utility for Unix/Linux.

This announcement updates clamav so that it can update its
database from the server without any problems related to its format.
It also fixes a security issue which could lead to a
denial of service[2] situation.

SOLUTION
It is recommended that all clamav users upgrade their packages.
This update will automatically restart the service if it is already
running.

REFERENCES
1. http://www.clamav.net/
2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0133

UPDATED PACKAGES

ftp://atualizacoes.conectiva.com.br/10/SRPMS/clamav-0.83-70136U10_7cl.src.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS/clamav-0.83-70136U10_7cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS/clamav-database-0.83.20041125-70136U10_7cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS/libclamav-devel-0.83-70136U10_7cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS/libclamav-devel-static-0.83-70136U10_7cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS/libclamav1-0.83-70136U10_7cl.i386.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM package upgrades:

  • run: apt-get update
  • after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade
examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


All packages are signed with Conectiva’s GPG key. The key and
instructions on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can
be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en


All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en


Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

Fedora Core


Fedora Update Notification
FEDORA-2005-188
2005-03-03


Product : Fedora Core 3
Name : HelixPlayer
Version : 1.0.3
Release : 3.fc3
Summary : Open source media player based on the Helix framework

Description :
The Helix Player 1.0 is an open-source media player built in the
Helix Community for consumers. Built using GTK, it plays open
source formats, like Ogg Vorbis and Theora using the powerful Helix
DNA Client Media Engine.


Update Information:

Updated HelixPlayer packages that fix two buffer overflow
issues are now available.

This update has been rated as having critical security impact by
the Red Hat Security Response Team.

A stack based buffer overflow bug was found in HelixPlayer’s
Synchronized Multimedia Integration Language (SMIL) file processor.
An attacker could create a specially crafted SMIL file which would
execute arbitrary code when opened by a user. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0455 to this issue.

A buffer overflow bug was found in the way HelixPlayer decodes
WAV files. An attacker could create a specially crafted WAV file
which could execute arbitrary code when opened by a user. The
Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0611 to this issue.

All users of HelixPlayer are advised to upgrade to this updated
package, which contains HelixPlayer 1.0.3 and is not vulnerable
to these issues.


  • Thu Mar 3 2005 Ray Strode <rstrode@redhat.com>
    1:1.0.3-3.fc3

    • Actually update to 1.0.3
  • Thu Mar 3 2005 Ray Strode <rstrode@redhat.com>
    1:1.0.3-2.fc3

    • Update to 1.0.3 to fix 150098 and 150103.
    • Add some execshield foo to stop some execstack regressions
    • Add libogg-devel build req to tame compiler

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

6b65dacea8b1502caa8c98d0076f1d6e  SRPMS/HelixPlayer-1.0.3-3.fc3.src.rpm
c385ef4c8ef6ee53ac7c784bb8fd7b58  x86_64/HelixPlayer-1.0.3-3.fc3.i386.rpm
c385ef4c8ef6ee53ac7c784bb8fd7b58  i386/HelixPlayer-1.0.3-3.fc3.i386.rpm
f8d4f9ae8b90ba0e506b83b1e8c0636f  i386/debug/HelixPlayer-debuginfo-1.0.3-3.fc3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.


Gentoo Linux


Gentoo Linux Security Advisory GLSA 200503-05


http://security.gentoo.org/


Severity: Normal
Title: xli, xloadimage: Multiple vulnerabilities
Date: March 02, 2005
Bugs: #79762
ID: 200503-05


Synopsis

xli and xloadimage are vulnerable to multiple issues,
potentially leading to the execution of arbitrary code.

Background

xli and xloadimage are X11 utilities for displaying and
manipulating a wide range of image formats.

Affected packages


     Package               /   Vulnerable   /               Unaffected


  1  media-gfx/xloadimage      < 4.1-r2                      >= 4.1-r2
  2  media-gfx/xli             < 1.17.0-r1                   >= 1.17.0-r1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.

Description

Tavis Ormandy of the Gentoo Linux Security Audit Team has
reported that xli and xloadimage contain a flaw in the handling of
compressed images, where shell meta-characters are not adequately
escaped. Rob Holland of the Gentoo Linux Security Audit Team has
reported that an xloadimage vulnerability in the handling of Faces
Project images discovered by zen-parse in 2001 remained unpatched
in xli. Additionally, it has been reported that insufficient
validation of image properties in xli could potentially result in
buffer management errors.

Impact

Successful exploitation would permit a remote attacker to
execute arbitrary shell commands, or arbitrary code with the
privileges of the xloadimage or xli user.

Workaround

There is no known workaround at this time.

Resolution

All xli users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/xli-1.17.0-r1"

All xloadimage users should also upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/xloadimage-4.1-r2"

References

[ 1 ] CAN-2001-0775

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0775

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200503-05.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200503-06


http://security.gentoo.org/


Severity: Normal
Title: BidWatcher: Format string vulnerability
Date: March 03, 2005
Bugs: #82460
ID: 200503-06


Synopsis

BidWatcher is vulnerable to a format string vulnerability,
potentially allowing arbitrary code execution.

Background

BidWatcher is a free auction tool for eBay users to keep track
of their auctions.

Affected packages


     Package              /  Vulnerable  /                  Unaffected

  1  net-misc/bidwatcher      < 1.3.17                       >= 1.3.17

Description

Ulf Harnhammar discovered a format string vulnerability in
“netstuff.cpp”.

Impact

Remote attackers can potentially exploit this vulnerability by
sending specially crafted responses via an eBay HTTP server or a
man-in-the-middle attack to execute arbitrary malicious code.

Workaround

There is no known workaround at this time.

Resolution

All BidWatcher users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/bidwatcher-1.3.17"

References

[ 1 ] CAN-2005-0158

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0158

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200503-06.xml



Gentoo Linux Security Advisory GLSA 200503-07


http://security.gentoo.org/


Severity: Normal
Title: phpMyAdmin: Multiple vulnerabilities
Date: March 03, 2005
Bugs: #83190, #83792
ID: 200503-07


Synopsis

phpMyAdmin contains multiple vulnerabilities that could lead to
command execution, XSS issues and bypass of security
restrictions.

Background

phpMyAdmin is a tool written in PHP intended to handle the
administration of MySQL databases from a web-browser.

Affected packages


     Package            /    Vulnerable    /                Unaffected

  1  dev-db/phpmyadmin      < 2.6.1_p2-r1               >= 2.6.1_p2-r1

Description

phpMyAdmin contains several security issues:

  • Maksymilian Arciemowicz has discovered multiple variable
    injection vulnerabilities that can be exploited through “$cfg” and
    “GLOBALS” variables and localized strings
  • It is possible to force phpMyAdmin to disclose information in
    error messages
  • Failure to correctly escape special characters

Impact

By sending a specially-crafted request, an attacker can include
and execute arbitrary PHP code or cause path information
disclosure. Furthermore, the XSS issue allows an attacker to inject
malicious script code, potentially compromising the victim’s
browser. Lastly, the improper escaping of special characters results
in unintended privilege settings for MySQL.

Workaround

There is no known workaround at this time.

Resolution

All phpMyAdmin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.1_p2-r1"

References

[ 1 ] PMASA-2005-1


http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-20051

[ 2 ] PMASA-2005-2


http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-20052

[ 3 ] phpMyAdmin bug 1113788


http://sourceforge.net/tracker/index.php?func=detail&aid=1113788&group_id=23067&atid=377408

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200503-07.xml


Ubuntu Linux


Ubuntu Security Notice USN-90-1 March 03, 2005
imagemagick vulnerability
CAN-2005-0397


A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

imagemagick
libmagick6

The problem can be corrected by upgrading the affected package
to version 5:6.0.2.5-1ubuntu1.4. In general, a standard system
upgrade is sufficient to effect the necessary changes.

Details follow:

Tavis Ormandy discovered a format string vulnerability in
ImageMagick’s file name handling. Specially crafted file names
could cause a program using ImageMagick to crash, or possibly even
cause execution of arbitrary code.

Since ImageMagick can be used in custom printing systems, this
also might lead to privilege escalation (execute code with the
printer spooler’s privileges). However, Ubuntu’s standard printing
system does not use ImageMagick, thus there is no risk of privilege
escalation in a standard installation.

ImageMagick is also commonly used by web frontends; if these
accept image uploads with arbitrary file names, this could also
lead to remote privilege escalation.

Source archives:


http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.4.diff.gz

Size/MD5: 129865 b6158cb1e8ac827114bbd483465e8f90

http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.4.dsc

Size/MD5: 874 6d01d5029e385ef25ffcc4b7c1b8f9bc

http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5.orig.tar.gz

Size/MD5: 6700454 207fdb75b6c106007cc483cf15e619ad

amd64 architecture (Athlon64, Opteron, EM64T Xeon)


http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.4_amd64.deb

Size/MD5: 1366250 9bd394c1da6ea7f94619af3f9afd8796

http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.4_amd64.deb

Size/MD5: 226626 a8fb07c1e1c893d64fd1450518da0c71

http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.4_amd64.deb

Size/MD5: 161238 538c672bbbfe4e1c7ff23bd0e531a4d2

http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.4_amd64.deb

Size/MD5: 1520098 8bcdd9116e7fd42772b3bd3b3eb97695

http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.4_amd64.deb

Size/MD5: 1167436 817bc00875893b331e673b6199516bf0

http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.4_amd64.deb

Size/MD5: 138790 df954c96f52dad5f38302c04f387de54

i386 architecture (x86 compatible Intel/AMD)


http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.4_i386.deb

Size/MD5: 1366210 92438f9dc9e47084c225f6b16390f645

http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.4_i386.deb

Size/MD5: 206716 7d8f89d2f933e03ba957a4dab3bd3b05

http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.4_i386.deb

Size/MD5: 162920 cdb938585e251bd9304f3203efe4541a

http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.4_i386.deb

Size/MD5: 1425872 439f600c0fd309caf5e69df2e7e98a88

http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.4_i386.deb

Size/MD5: 1115876 d487f8b1259d468c5c0309c2937388a4

http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.4_i386.deb

Size/MD5: 137370 a5a62a05568a9687681c30c4cdd7e749

powerpc architecture (Apple Macintosh G3/G4/G5)


http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.4_powerpc.deb

Size/MD5: 1371458 4c9cf675b5e4d68b903bfc92f657137d

http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.4_powerpc.deb

Size/MD5: 225366 5772b0ce2aa584a9030bbbe4388b3f95

http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.4_powerpc.deb

Size/MD5: 154678 01f57a326e5fd9785fd1c9e7aecacc8d

http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.4_powerpc.deb

Size/MD5: 1660840 ee31f265a2129e7a9da5b9c26dd35910

http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.4_powerpc.deb

Size/MD5: 1151880 9612131ca3b44c2c6f22b3a751143297

http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.4_powerpc.deb

Size/MD5: 136294 eb63a44b42367710ec5fd91fedb369e2
